Opened 10 years ago
Closed 10 years ago
#25460 closed Bug (invalid)
Inconsistent behaviour from TimestampSigner with two different separators
| Reported by: | Alex Barcelo | Owned by: | nobody |
|---|---|---|---|
| Component: | Core (Other) | Version: | 1.8 |
| Severity: | Normal | Keywords: | signing |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
I haven't been able to make exhaustive test, bad I seem to have a consistent failure that I cannot explain.
Break code:
signer = TimestampSigner(sep=":")
signer.unsign("kapo99:1ZfASc:UeDD0RvkDeC7qHNrI9HettcfRCQ", max_age=9999)
# Should be valid, but:
signer = TimestampSigner(sep="/")
signer.unsign("kapo99/1ZfASc/UeDD0RvkDeC7qHNrI9HettcfRCQ", max_age=9999)
# Fails with BadSignature
The secret key of my installation is (yes, not very original as a development key):
SECRET_KEY="development_secret_key"
Note:
See TracTickets
for help on using tickets.
The signature "UeDD0RvkDeC7qHNrI9HettcfRCQ" is based on the value "kapo99:1ZfASc". Now in the second case, the value as changed to "kapo99/1ZfASc" so the same signature won't work.